A quick count on my apache error logs tell me that over the past 4 months, about 1000 attempts have been made to exploit a (missing) XMLRPC PHP script on my webserver. About 400 attempts have been made for a (missing) awstats script. My server only serves personal pages.. OUCH!?!
Maybe I should create some stub pages that state "Nothing to see here! The feds have been warned!" ?
My access logs are cluttered with this crud too. You could always use a tool like Fail2Ban to add them to your firewall ban list.
